We were happy to participate in a community round table organized by CISO Platform.
Key Discussion Points:
- What is Shadow IT?
- What are the types of Shadow IT?
- Practical demo using open source tools
- Controls to manage shadow IT risk
Reasons for Risk:
- No standardization
- Unknown risks
- Security breaches
- Data leaks
Types of Risks:
- Third-party email service
- Third-party applications – WhatsApp, Box
- Unknown assets
- Custom applications / individual built applications / scripts
- Database
- Cloud Buckets, S3
- GitHub (online code repository)
- Online Free tools / SaaS
- API
- Owner change of assets (person has left)
- Data in non-electronic / physical forms
- Shadow accounts/privileges
- Shared / Leaked / Default / Weak / Written down passwords
- Backdoors
- IoT
- Rogue devices
- BYOD
- CCTV – source and data destination; set-top box
- 3rd party
- 4th party
- Supply chain